CDT is a non-profit, public interest organization
working to protect and advance civil liberties and democratic
values on the Internet. One of our core goals is to develop a
privacy framework for the Internet. Towards this end, CDT is working
to develop and implement fair information principles and technical
tools that foster individual control over personal information
on the Internet.

The emerging global information infrastructure poses
both difficult challenges and unique opportunities for protecting
individual privacy. CDT believes that new technologies can be
designed to enable citizens to exercise greater control over the
collection and use of personal information. Through the development
and implementation of strong privacy policies, and the design
and implementation of technological mechanisms that facilitate
individual choice, we believe that interactive digital media can
empower citizens to make meaningful decisions about the flow of
personal information.

Today the impact of interactive media on individual
privacy remains unclear. Recent public concern with the Social
Security Administration's web site designed to provide individuals
access to their own earnings and benefits statements highlights
the consequences of failing to adequately address privacy and
security concerns. If we fail to address the privacy issues that
arise with this new technology, we may undermine its roles as communication
medium, information source, and global marketplace of ideas and
products. The temporary closing of the SSA's web site should serve
as a wake-up call to those handling personal information -- privacy
is on the public's mind. We urge you to consider the privacy implications
of "look-up services" within the context of the growing
global information infrastructure.

Panel I: Databases -- Sources and Accessibility

What information do databases contain?
Where does it come from? How are the databases accessed?

Databases compiled in the public and private sector
contain an increasingly vast amount of information about individuals.
The data, contained either in traditional central repositories
or, more and more frequently, in easily linked distributed
databases, ranges from what is commonly referred to as "white
pages information" -- information found in the phone book
-- to criminal history records and information about purchases
as diverse as appliances and pharmaceuticals. Information about
individuals is culled from many sources.

"Public" Records:

It is important to recognize that while today's discussion
focuses on private sector databases, much of the raw data needed
to develop these enhanced databases is purchased or retrieved
from public agencies. Underlying this review of private sector
databases looms the question of what public policy framework should
control third party access to "personally identifiable information"
contained in government files. [1] While the
focus of today's discussion is not to review the access and use
of public records, it is useful to review the types of records
that are often labeled "public records" and widely available
for third party access and use. Examples of common "public records"
include, but are not limited to:

From these commonly available public records one
can construct revealing profiles of individuals including their
name and address and additional information such as their (parentheses
indicate one possible source):

As these two lists reveal, the policies surrounding
third party access to personally identifiable information in records
collected for specific public purposes and maintained by government
agencies have serious consequences for the privacy of individuals.
The collection of personal information by public agencies is often
a necessary precursor for engaging in a specific activity -- be
it a home purchase or driving a car. The information is collected
and used for purposes directly tied to the reason for its collection.
However, often times the information is also used and disclosed
to others for many reasons that have little, if any, nexus to
the underlying purpose for its collection. As the FTC examines
this issue, CDT believes it is important to look at the central
role government has played, and continues to play, in the creation
of these private sector databases, and consider whether a review
of policies governing access to personally identifiable information
in public records is warranted.

Private Profiling

"Adfinity enables content providers, advertisers
and direct marketing companies to target content to demographic
audiences so precise they can reach markets as narrowly defined
as a single consumer." (http://www.adfinity.com/)

Marketing pitches such as the one above by Adfinity
hint at the wealth and detailed nature of personal information
generated within the private sector. Similarly, a press release
announcing a strategic alliance between Equifax and VNU Marketing Information
Services (VNU MIS) elaborates on the extent of personal information
available in the private sector and its potential uses, stating:

"With the information from Equifax about consumer
behavior not only in the US but around the world, we will now
be in a much better position to provide one of the most robust
databases in the industry," asserted Chuck Leonard, President,
VNU MIS. "We will now be one of the few firms to better predict
demographic, lifestyle and financial behavior of consumers."

While many members of the marketing community may
adhere to self-regulatory policies that limit the use of marketing
data for non-marketing purposes [4], others
may not. Regardless, these statements provide a glimpse at the
types and depth of personal data generated and available in the
private sector -- the uses of which are largely ungoverned by
existing law.

New technology generates increasingly detailed pools
of data on individuals. A recently released CDT report, "Communications
Privacy in the Digital Age," focusing on questions of governmental
access, finds, among other things, that

Signaling information and other transactional data
generated both on the Internet and in the telephone system offer
an increasingly revealing profile of personal patterns of association;
Wireless telephone systems generate data that allows real-time
tracking of cellular and other wireless phone users.

As more and more of our activities and relationships
with individuals, corporations, and government entities move online,
the personal information available for collection, use, and possible
reuse and disclosure by the private sector will continue to escalate.
The privacy implications of this increased data collection,
its potential impact on individuals'
ability and willingness to engage in First Amendment protected
activities, and its implications for identity theft and
fraud all highlight the need to examine the collection and availability
of this growing pool of data.

Panel III: A Range of Responses

From consumer education and technological
controls to government intervention and self-regulation, what
responses are under consideration? What can existing self-regulatory
programs in other sectors teach us?

CDT suggests that the FTC review suggested responses
to "Look-up Services" in light of the Fair Information
Practice Principles [5], focusing on the implementation
of the basic principle that:

There must be a way for an individual to prevent
personal information obtained for one purpose from being used
for another purpose without his or her consent.

As it is nearly impossible to effectively and efficiently
apply this principle at the point at which data becomes part of
a "Look-up Service," we should step back and examine
the rules governing the initial sources. The existence of many
"look-up services" depends, in part, upon an initial
violation of this fair information practice principle by government
agencies and others. Understanding that this would require a review
beyond the scope of the FTC's current activities, CDT believes
that, for an effective response to the privacy and other concerns raised
by "look-up services," it is essential that the information
practices of the entities responsible for the initial data collection
be examined -- this would include a review of rules controlling
access to personal information contained in public records. The
lack of attention to this core principle of fair information practice
undermines individual privacy and interferes with individuals'
desire to disclose information where necessary to participate
in a service or activity or gain a benefit. [6]

At this point, addressing the privacy issues around
existing "Look-up Services" requires another framework.
The existing statute that most readily maps onto "Look-up
Services" is the Fair Credit Reporting Act. CDT recommends
a change to the Fair Credit Reporting Act itself -- extending
the permissible purpose section to govern all information contained
in the credit file, including header information. This would shore
up an existing hole in the FCRA and limit the availability of
the individual's name, address, prior addresses, social security
numbers, and phone numbers, which is the information needed to
commit financial fraud. Unlike white pages, where individuals can
choose whether to publish their name, number or address, individuals
do not choose whether "header information" -- containing
the same information and more -- is sold by credit bureaus. Extending
the FCRA rules to cover this information would assist in controlling
fraud and would bring the FCRA a step closer to protecting consumer
privacy.

In addition, given the existence of "Look-up
Services," the FTC should examine the possibility of a system
of rules similar to those set out in the FCRA to govern them.
Government agencies, social service agencies, and private companies
submitted comments spelling out the purposes for which they access
"Look-up Services." Consumer and privacy advocates have
brought attention to the potential risks to individuals' privacy
and identity posed by access to these databases. While the FCRA
is far from a perfect model of privacy protection, the establishment
of:

a limited set of "permissible purposes"
for which information can be accessed;
auditing and accountability mechanisms to control and monitor
access to systems;
limits on law enforcement access to these systems;
an individual right to review and correct information in these
systems; and,
remedies, including a private right of action, and stiff penalties
for violations of such rules;

would begin to address privacy concerns, especially
if coupled with a focus on the initial sources of the data as
mentioned above. In considering an FCRA-like model, attention should
be paid to the range of data found in various databases. Perhaps
specific data items could be identified whose inclusion, singly
or in combination, would trigger FCRA-like controls.
We would be happy to discuss this proposal further, and look forward
to considering proposals made by others.

Conclusion

Information privacy is an increasing concern to the
public. The nexus between the availability of personal information
and vulnerability to fraud has been remarked upon by courts, policy-makers,
and victims alike. [7] In particular, the
widespread use of the Social Security Number as an identifier
by both the private and public sectors continues to raise concerns.
As information about the current practices of collecting and using
personal information trickles out, public concern with privacy continues
to escalate. A recent survey revealed that 83% of Americans are
very concerned about their privacy. Later this week we will gain
new understanding of this concern and how privacy perceptions
are changing as we embrace new technology. CDT appreciates the
opportunity to participate in the workshop and looks forward to
working with you to develop sound privacy solutions.